[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Devel] Re: CVS update: skolelinux/src/webmin-ldap-skolelinux index.cgi
> @@ -85,6 +85,11 @@
> if ($in{'editpw'}){
> ldap_mod_user ($in{'userUid'}, $rootpw,$rootdn,
> $basedn, 'userPassword', "{crypt}" .&gen_crypt($in{'editpw'})) ;
> + if ($config{'sambasync'})
> + {
> + # update samba password, too
> + run_script("smb_create.pl", latin1($in{'userUid'})->utf8, $in{'editpw'}, $rootpw);
> + }
Programs should never give password on the command line when starting
other programs. The arguments are visible to other users (using ps,
top, reading /proc/*, etc), so any user on the system can read the
passwords. The password arguments should be passed on using the
environment or stdin.